Posted by samzenpus on Thursday June 05, 2014 @05:30AM from the do-not-pass-go dept.

Bismillah (993337) writes 'The British government wants life in prison for hackers who cause disruption to computer networks, resulting in loss of life or threat to the country's national security. From the article: "The UK government will seek to amend the 1990 Computer Misuse Act "to ensure sentences for attacks on computer systems fully reflect the damage they cause. Currently, the law provides for a maximum sentence of ten years' imprisonment for those who commit the offence of impairing a computer. A new, aggravated offence of unauthorised access to a computer will be introduced into the Computer Misuse Act by the government, carrying far longer sentences."'

No, the death sentence is reserved for politicians and prime ministers who go to war on false pretenses just to get re-elected, resulting in loss of life or threat to the country's national security. From the article: "The UK government will seek to ensure sentences for attacks on society fully reflect the damage they cause".

No, the death sentence is reserved for politicians and prime ministers who go to war on false pretenses just to get re-elected

The strange thing is that this isn't even a very good strategy, at least not in the UK. Blair's administration only just retained power at the general election after going to war in Iraq, and even that was because of a combination of quirks in our electoral system. At the following election, it was closer to "Labour? Who are they?".

Until 1998, we had the death penalty as a punishment for high treason against the crown, so under that law it would have been possible to punish a computer offence with death if the defendant had disrupted a computer network with the intention of committing treason.

But not only was the death penalty for treason abolished [wikipedia.org]; we're prohibited from restoring the death penalty (for any offence) as long as we're signed up to the European Convention on Human Rights.

Death is reserved for people who are unable to reform and function in society, who are unable to function within the prison system, and who are unable to be medicated into submission for their natural lives. Death is not a punishment, it is a method of protecting society from someone so utterly abhorrent that it is literally impossible to allow them to continue living.

I don't know of anybody like that. I'm glad we don't have the death penalty.

Death is reserved for people who are unable to reform and function in society, who are unable to function within the prison system, and who are unable to be medicated into submission for their natural lives.

Well, you just described your average politician so I'm not sure what your beef is.

And I would add, "who live in a society that is unable to contain them". I could see some banana republic dispatching criminals as it has no reasonable incarceration facilities, but the US doesn't qualify.

You seem to be of the opinion that psychopaths act maliciously, as though it is their choice to react impulsively and violently and without remorse. However, we interpret their actions as malicious because we perceive them as such through our rational opinions. They are mentally ill, perhaps more so than if they had any other form of mental illness; they are incapable of acting in a reasonable manner.

These people fit into the third category; Medicated. They should be given all the care and treatment we can

I'm sorry but not only is that a slippery slope, as in the past gays were listed as "mentally ill" because they didn't match up with what the state considered normal but it's also ignoring the fact that some just get off on causing pain, see Gacy, Hansen, Lake & Ng for examples. They aren't "mentally ill" as they knew EXACTLY what they were doing, they simply gained pleasure from the suffering and death of others. Some such as Hansen and Gacy even changed their patterns when they knew they were being

It should not. However throwing it in there makes the law sound reasonable so they can extend the punishment for more abstract crimes like 'our contractor charged us X million dollars to clean up' and 'we lost customers due to our crappy security being exploited'.

Throw a bit about death and injury in there, but it will probably get used for monetary losses.

At least in the US, it's common to treat death caused by felonious action as premeditated murder. Therefore, if somebody violated the CFAA by maliciously breaking into a hospital system, and disrupted life-support systems in an ICU, they might well face first-degree murder charges.

Oh, the government claims they cannot release the names due to "operational considerations"...

This is why allowing vague terms like "national security" or "terrorism" as a justification for any penalty in law is dangerous. There is a certain irony in this news arriving on the same day that there are moves to hold a terrorism trial completely in secret. It's not so long after the Gary McKinnon fiasco, either.

Typical posturing crap from politicians. No doubt teenagers will be sent to prison for life for discovering security vulnerabilities. Having said that the morons known as the general population put up with this shit so let's concentrate on saving the children from terrorists and pedos by turning off the internet. When they have safely grown up we can pay them benefits cheques instead of a job or put them in prison for the rest of their lives sewing mail bags. Let's get our priorities right eh.

I guess that law the Brits have about causing the death of one of its own citizens can't be found? I'm not too understanding of English law, let me speak this out. "If a person stabs and hacks some slob in the middle of the street, that's murder. Ok, that makes sense. But if that same killer is the one that turns off that same poor slob's life support machine, there is an English question as the, 'cause of death' ?"

I thought U.S. law enforcement were the laziest on this planet, now the U.K. is trying to co

Certainly there is a place for severe punishment for horrible crimes, but this is mostly about portraying a group of people as undesirable. The UK government has a history of creating commercials that make thieves out to be subhuman, you wouldn't catch them doing the same to nefarious bankers. It's just old fashioned them and us politics. What they don't realize is that if you daemonize a hacker, she just runs in the background.

Which is funny if you use a language where "real" means float (i.e. a real number, as opposed to rational or integer). At least Fortran does this, and I think we can all agree that Fortran is one of the few languages fit for a Real hacker.

- What makes you think she's a witch?
- She turned me into a newt!
- A newt?
- I got better.
- Burn her anyway!
- Quiet! Quiet!
- There are ways of telling whether she is a witch.
- Are there? What are they? Tell us. - Do they hurt?
- Tell me, what do you do with witches?
- Burn them!
- And what do you burn, apart from witches?
- More witches! - Wood!
- So why do witches burn?
- 'Cause they're made of wood? - Good!
- So, how do we tell if she is made of wood?
- Build a bridge out of her.
- Ah, but can you

I think it's more about corps not wanting to pay for security. If you just drop the hammer and drop it hard people get the message. Sure, there'll still be attacks (lots of desperate ppl in today's economy), but they'll be fewer. Mean time to failure is important. People are already forgetting about Target, but if those sorts of attacks were monthly companies would have to do something about them.

Also, the nice thing about using brutal sentencing to slow the pace of attacks is the cost shifting. The Taxp

The second part 'threat to the country's national security' on the other hand is such a broad term, it is basically a blank check where they can fill in any sentence for any crime as they wish.

Now combine this with the other announcement: "UK Seeks To Hold Terrorism Trial In Secret" so such "threat to the national security" rule also means that the trial gets to be secret.

So I guess it's really about the second part, and the first part is only there to give it more weight: 'HACKERS MIGHT KILL YOU!'

Yup. To me it sounds like "You do something we don't like with a computer? We get the right to disappear you! For Life! Cause, you see, it's a matter of national security. Thus the trial is secret, and the sentence is life"

Since embedded computers are so pervasive in domestic appliances, it seems as though some lateral thinking by the security services could result in all sorts of breaches of the law.

EG:

People have fridges with embedded computers, that can re-stock themselves with food by ordering online. Disrupting that computerised fridge could be seen as attempting to starve them to death with a computer:

The first part 'loss of life' should already be covered by simply applying murder and/or manslaughter charges. There is no reason to invent a new law for this, only because it's done with a computer.

That's the problem. In UK law, it is murder if you intended to kill or cause serious injury to someone, and someone dies as a result (may be another person). If some bloody idiot hacks into a hospital's computer system "for the lulu" (Safari replaces a z with an u, and I find it actually more appropriate that way), and as a result people die without any intent to cause death, then apparently this isn't murder currently.

What if someone cuts the water or power to the hospital and mixes sugar in the gas of the generator? There is no reason this should specifically include computers and not other attacks.

The difference between this and computer hacking is that you have to be physically present. You see a hospital. Your mind realises there is a hospital with people. The hacker doesn't see a hospital, he sees a keyboard and a screen. For some low lives there is no connection between their actions and real people. It's like a violent computer game.

Indeed. "Threat to the national security" was recently used to quash an investigation into corruption and bribery involved in a deal with Saudi Arabia. Important to have the Saudi royal family on your side, apparently. More important than the law or justice; so the "National Security" card was played and everything got dropped.

This move is about stopping people like Edward Snowden. It's what we've come to expect from the British State.

Meanwhile, the government gets up to whatever the hell it likes under the u

I can see stiffer sentences if the hacking leads to loss of life DIRECTLY. For example, hacking into a hospital system and bringing down critical life saving systems.

But to me, and I don't know how the UK manslaughter laws are rigged, it would be more helpful to update those laws instead of this one.

Having said that, national security combined with unauthorized computer access can and will be used against whistleblowers of government abuse. Watch for that to happen.

I'm generally in favour of people not getting any discounts on sentences for 'cyber attacks'. This is partly because I remember a time long ago when certain egotistical morons saw creating malware and letting it loose on the public as a good career move, a short cut to a well paying job. However, even those people don't deserve a life sentence and whoever thought of that idea should look up the word 'draconian' in a dictionary. If a cyber attack kills somebody use the manslaughter laws, if they cause massiv

...is in a position to criticize the US. I lived in Scotland for years, so I'm fairly familiar with the UK, and from Oz originally.

The US is losing its way, but not as badly as the UK. Crazy amounts of surveillance, very poor rights for photographers and journalists, ridiculous laws such as going to jail if you forget an encryption key...

Not to mention this nonsense. Prison is not meant to be primarily a deterrent, but a way to rehabilitate if possible. Because, you know, the punishment should fit the crime.

I'm not disagreeing with any of your observations, but I do think "people who live in glass houses" isn't much of an argument, even in the best of cases. The way I look at it is all today's governments are abominations, so they all need criticizing. And today happens to be the UK's turn.

"Prison is not meant to be primarily a deterrent, but a way to rehabilitate if possible"

Err, sorry, excuse me? A primary deterrent is exactly what it is and a way to keep criminals out of main society. Rehabilitation comes later if it even works which with a lot of psychopaths and sex offenders it doesn't.

Like what? If you mean you can't go and break into someone's garden and take pictures of them naked through their bedroom window to sell to the tabloid press, then yes, we're absolutely awful in this respect. What a shame.

Other than that apart from some police officers who got it wrong in terms of letting people take pictures where they actually could I don't really see what the deal is. I've been able to take pictures just fine in everything from military bases, to the L

The UK has always had a headstart on corporate-driven fascism, way back to the Empire, but Americans are proving adept at catch-up. See, this kind of sentencing makes perfect sense as soon as you adopt the position that only corporate interests matter.

The public has turned into a big sissy, frightened by the slightest perceived threat. And we have no common sense or agreement on what should be considered wrong or illegal. I would rather throw the people that advertise phony medications on the net under the bus than some guy who hacks into a bank's computer and tells the world about who has the money in the community.

Obviously, GCHQ has done the most damage to "computer infrastructure" since the Morris worm, and funneled data about British citizens out of the country, into the hands of possible malign foreign actors.

Not to mention that I remember multiple cases a few years back of large amounts of government data (tapes, laptops etc.) getting lost, it seemed, on a regular basis. Oh hey, Wikipedia even has a page on it. [wikipedia.org]

The phrase "life imprisonment" means nothing in the UK. Recently a man absconded from a prison who was said to be serving 3 life sentences. From reading the newspaper article reporting the case it transpired that his tariff was actually 13 years (sorry can't remember which paper or exact details).

So when being used by the UK justice system the term "life" would seem to refer to about an average dog's life. It's totally meaningless and quite frankly an insult to your intelligence.

This being the case "life" for computer related offences will probably mean you serve about 1/2 hour in an open prison - unless you take some money off someone powerful in which case you'll probably get a "life" sentence of about 10 years.

This doesn't take away from the fact that this is another pathetic, ill thought out, idea for legislation dreamt up by one of the useless cretins currently in parliament.

The UK justice system is a sad joke whose only purpose is to protect the rich and powerful (same as the world over really)

...label pretty much any hacking as "life-threatening or endangering the nation's security". I mean, we've seen this before, in how people who pirate TV shows and software are by American organizations pretty much labelled "terrorists".

The whole "cyberattack" thing is grossly overblown and is primarily a) outrage of US/UK against those doing the same to it as it does to them and b) a mega growth industry to complement or be absorbed by the current military industrial complex.

Computer related crimes are already too inflated already, and there are means for which most any serious intrusion could be met with stacked charges. There are probably one or two cases a decade where this might be needed, but I suspect it will be abused far more often than that, especially since 'national security' is involved.

I was thinking the same thing -- never known anyone getting life for aggravated assault, even for attempted murder. Seems like a terribly written law that could very easily be broadly applied and abused by UK authorities.

The real bad guys are simply undeterred by this, and botnets continue to expand.

Also... this seems wrong... it's like elevating a petty theft to a felony, because of some technicality, the thief wouldn't even have known about.

The real severe sentence should be on the folks who negligently designed computer networks that were susceptible to easy attack, And/OR the folks who broke policies and allowed them to come under attack.

For example: If you plug your waterworks into the internet, and some hac

You don't get a pass for sticking a spear in someone's chest, just because they exposed their belly.

It's an irrelevant analogy. A computer system is not someone's belly.

A more apt analogy is: Some shortsighted folks decided to set up a little tent somewhere in the middle of the interstate, and lie down to take a nap: and they are proposing to execute anyone running over these folks while they were asleep in their tent.

.... they have a point. The interdependence of and increasingly wide spread use of computer controlled systems means that it's not a matter of if but when some malicious hacker is going to commit an act which brings widespread devastation, financial damage, perhaps even death. It's no longer just phreaking with the blue boxes any more kiddies. That's why I want to seriously know how Google is going to guard its self-driving cars against deliberate acts of malice. And I'm hoping that the U.S. militar

Anyone from the UK care to comment. Because I never thought of the UK as being draconian in their sentencing (if anything, a little light on some crimes).

What's the sentencing range for serious crimes like rape, aggravated assault, attempted murder, or causing serious bodily harm, etc? I mean do people get life for causing serious injury in the UK? I doubt it, so why does a football hooligan not get life for beating someone severely, but equivalently hurting someone with a computer merits life? Sounds like

A criminal negligence statute that all reasonable protections against hacking must be taken to secure customer data or data which affects a country's national security. Applicable specifically to any company officer. Make safety of data a priority.